📜 Conversation Log Retrieval

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can search and expose complete prior conversation logs without enough built-in privacy limits.

Install only if you are comfortable letting the agent search local historical conversations. Use it for explicit, narrow recovery tasks, and ask the agent to limit searches by date, topic, or session and to summarize or redact sensitive matches instead of dumping full transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly instructs the agent to search complete conversation history and session transcripts, including older or parent conversations, but provides no privacy warning, consent check, or limitation on what may be disclosed. That omission increases the likelihood of exposing sensitive prior-user content, internal reasoning artifacts, or unrelated historical data when responding to a user request.

Ssd 3

Medium
Confidence: 95%
Finding
This skill is designed to search and analyze full historical session logs under the agent's local storage, including user and assistant messages across prior conversations. In context, that creates a direct cross-session data exposure path: a current prompt can trigger retrieval of private content from older transcripts that may contain secrets, personal data, or information from different contexts without any access-control boundary.

VirusTotal

65/65 vendors flagged this skill as clean.
